First have a Samba server with SMB 1 disabled.
Within msfconsole:
use exploit/linux/samba/is_known_pipename
set RHOSTS <server_address>
set verbose true
exploit
The exploit succeeds or fails.
Use Rex client (SMB1 only) to enumerate directories, since it is not compatible with RubySMB client
Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
Framework: 6.0.1-dev-
Console : 6.0.1-dev-
Ubuntu 19.10
The verbose log explains the problem pretty clearly. Line 128 forces use of SMB Version 1, and the server has it disabled.
Replacing it with just connect fails because of the stuff = self.simple.client.find_first("\\*") line.
I was able to temporarily bypass the issue by commenting out the findfirst line, and everything which dealt with "stuff". The root folder of the share was writable, so it worked.
It may be worth adding an option to set the folder path within the share, and only falling back to searching if that is unset. Along with a note to that effect in the info section.
Due to my contract, I would require permission to share any code I have written during work hours with the community without explicit approval. Which means I can't actually submit a PR unless I did the work on my own time on my own computer at home.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It's been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
This issue still exists.
The offending file is this one. The problem is in def enumerate_directories(share).
Other important commands that I had to discover were:
set SMBUser <user>
set SMBPass <password>
set SMB::AlwaysEncrypt false
set SMB::ProtocolVersion 2,3
The first three are extremely important and are not mentioned in the normal info section.
In addition, "auxiliary/scanner/smb/smb_enumshares" actually gets the information that the exploit is missing.
This means there is a fix, I am just not sure how to implement it.
@EmperorArthur Thanks for the error report; would you mind trying this out again with the latest version of Metasploit, and attaching the output of the debug command?
msfconsole
set loglevel 3
debug command
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<=== line and make sure to REMOVE ANY SENSITIVE INFORMATION.
Thanks for reporting this @EmperorArthur. It looks like this is more an improvement than a real bug. This module is not fully compatible with RubySMB and, by extension, SMB2/3. This will require some refactoring to replace #find_first by something RubySMB already supports, like it has been done here. Also, I like the idea to add an option to set a path instead of automatically detecting it.
@cdelafuente-r7 Microsoft is very actively deprecating SMB1, to the point that many new versions of Windows aren't even including it, and everything except corporate upgrades is actively uninstalling it. Unless the exploit relies on SMB1, then it seems broken, or at least needs to be explicitly mentioned as a dependency.
@adfoster-r7 Here are the results you asked for. After looking at the logs, I performed an additional check and confirmed that the problem is coming from connect(versions: [1]). I have confirmed that the server min protocol is "SMB2_02".
What's interesting to me is the logs seem to indicate it thought it could negotiate SMB1, but then failed when it actually tried to use that protocol.
setg RHOSTS <ip_address>
use exploit/linux/samba/is_known_pipename
set SMBUser <user_name>
set SMBPass <password>
set SMB_SHARE_NAME <writable_folder>
set loglevel 3
set SMB::AlwaysEncrypt false
run
Results in:
[-] :445 - Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[*] Exploit completed, but no session was created.
The following global/module datastore, and database setup was configured before the issue occurred:
[framework/core]
RHOSTS=<ip_address>
[framework/database]
default_db=local-https-data-service
[framework/database/local-https-data-service]
url=[Filtered]
cert=[Filtered]
skip_verify=[Filtered]
api_token=[Filtered]
[framework/ui/console]
ActiveModule=exploit/linux/samba/is_known_pipename
[linux/samba/is_known_pipename]
DCERPC::fake_bind_multi=false
SHELL=/bin/sh
WORKSPACE=
VERBOSE=false
WfsDelay=0
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
RHOSTS=<ip_address>
RPORT=445
SSL=false
SSLVersion=Auto
SSLVerifyMode=PEER
SSLCipher=
Proxies=
CPORT=
CHOST=
ConnectTimeout=10
TCP::max_send_size=0
TCP::send_delay=0
DCERPC::max_frag_size=4096
DCERPC::fake_bind_multi_prepend=0
DCERPC::fake_bind_multi_append=0
DCERPC::smb_pipeio=rw
DCERPC::ReadTimeout=10
NTLM::UseNTLMv2=true
NTLM::UseNTLM2_session=true
NTLM::SendLM=true
NTLM::UseLMKey=false
NTLM::SendNTLM=true
NTLM::SendSPN=true
SMB::pipe_evasion=false
SMB::pipe_write_min_size=1
SMB::pipe_write_max_size=1024
SMB::pipe_read_min_size=1
SMB::pipe_read_max_size=1024
SMB::pad_data_level=0
SMB::pad_file_level=0
SMB::obscure_trans_pipe_level=0
SMBDirect=true
SMBUser=<username>
SMBPass=<password>
SMBDomain=.
SMBName=*SMBSERVER
SMB::VerifySignature=false
SMB::ChunkSize=500
SMB::Native_OS=Windows 2000 2195
SMB::Native_LM=Windows 2000 5.0
SMB::ProtocolVersion=1,2,3
SMB::AlwaysEncrypt=false
SMB_SHARE_NAME=<writable_folder>
SMB_FOLDER=
PAYLOAD=cmd/unix/interact
loglevel=3
The following commands were ran during the session and before this issue occurred:
465 setg RHOSTS <ip_address>
466 use exploit/linux/samba/is_known_pipename
467 set SMBUser <username>
468 set SMBPass <password>
469 set SMB_SHARE_NAME <writable_folder>
470 set loglevel 3
471 set SMB::AlwaysEncrypt false
472 run
473 debug
The following framework errors occurred before the issue occurred:
[10/07/2020 16:16:48] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:20:44] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
The following web service errors occurred before the issue occurred:
No matching patterns were found in msf-ws.log.
The following framework logs were recorded before the issue occurred:
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:25] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:25] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:14:38] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:38] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:38] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:14:38] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:14:38] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:38] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:38] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:16:22] [i(0)] core: Default data service found. Attempting to connect...
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:16:48] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:16:48] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:16:48] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:16:48] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:16:48] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:16:48] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:16:48] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:17:06] [i(0)] core: Default data service found. Attempting to connect...
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:20:44] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:20:44] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:20:44] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:20:44] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:20:44] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:20:44] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:20:44] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
The following web service logs were recorded before the issue occurred:
The versions and install method of your Metasploit setup:
Framework: 6.0.10-dev-
Ruby: ruby 2.6.6p146 (2020-03-31 revision 67876) [x86_64-linux]
Install Root: /opt/metasploit-framework/embedded/framework
Session Type: Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: #<Metasploit::Framework::DataService::RemoteHTTPDataService:0x00007fa32b378298>.
Install Method: Omnibus Installer
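The negotiation pattern the reporter points to in the framework log can be pulled out mechanically. The following is an added example, not Metasploit code and not part of the original thread: it pairs each "SMB version(s) to negotiate" debug line with the "Negotiated SMB version" line that follows it and flags runs that contain an SMB1-only request before the failure. The sample lines are copied from the debug output above; the constant, struct and function names are this example's own.

```ruby
# Added example: summarise SMB dialect negotiation per failed run in a
# Metasploit framework log (format as shown in the debug output above).

LOG_LINE   = /\A\[(?<ts>[^\]]+)\] \[(?<level>[a-z])\(\d+\)\] core: (?<msg>.*)\z/
REQUESTED  = /\ASMB version\(s\) to negotiate: \[(?<versions>[\d, ]*)\]\z/
NEGOTIATED = /\ANegotiated SMB version: SMB(?<version>\d)\z/
FAILED     = /\AExploit failed \((?<mod>[^)]+)\): (?<reason>.*)\z/

# One request/response pair from the log.
Negotiation = Struct.new(:timestamp, :requested, :negotiated) do
  def smb1_only?
    requested == [1]
  end
end

# All negotiations seen before one "Exploit failed" line.
Run = Struct.new(:negotiations, :mod, :reason) do
  def smb1_pinned?
    negotiations.any?(&:smb1_only?)
  end
end

def parse_runs(log_text)
  runs = []
  pending = []        # negotiations since the previous failure line
  open_request = nil  # request still waiting for its result line
  log_text.each_line do |raw|
    m = LOG_LINE.match(raw.strip)
    next unless m # skip anything that is not a framework log line

    msg = m[:msg]
    if (r = REQUESTED.match(msg))
      versions = r[:versions].split(',').map { |v| Integer(v.strip) }
      open_request = Negotiation.new(m[:ts], versions, nil)
      pending << open_request
    elsif (n = NEGOTIATED.match(msg)) && open_request
      open_request.negotiated = Integer(n[:version])
      open_request = nil
    elsif (f = FAILED.match(msg))
      # A failure with no preceding negotiation is a repeat of the error
      # in another log section; it carries no dialect information.
      runs << Run.new(pending, f[:mod], f[:reason]) unless pending.empty?
      pending = []
      open_request = nil
    end
  end
  runs
end

def summarize(run)
  steps = run.negotiations.map do |n|
    "#{n.requested.inspect}->SMB#{n.negotiated || '?'}"
  end
  note = run.smb1_pinned? ? ' (SMB1-only request present)' : ''
  "#{run.mod}: #{steps.join(', ')}#{note}"
end

# Sample input: lines copied from the framework log in this issue.
SAMPLE_LOG = <<~'LOG'
  [10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
  [10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
  [10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB3
  [10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1]
  [10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB1
  [10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
  [10/07/2020 16:14:25] [d(0)] core: Negotiated SMB version: SMB3
  [10/07/2020 16:14:25] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
LOG

if __FILE__ == $PROGRAM_NAME
  parse_runs(SAMPLE_LOG).each { |run| puts summarize(run) }
end
```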